Cryptojacking to target MS-Word via Its Newly Added Features

office.com/setup -The new MS-Word features with the new update have launched the facility of adding Video, by using the iFrame code, into the documents. Even played from the headless Web browser in the pop-up window, the file size of the video doesn’t get increased. This features made it possible for Crypto-jacking JavaScript to attack.

A Security Researcher from Israel Amit Dori, who works with Votiro, has first talked about this problem. He says that the Cybercrooks can host a beautiful video on the servers and then they may add Cryptojacking Script to Monero or to other Cryptocurrency. But when the user clicks on the video’s playback button, the browser gets launched. CoinHive or another such popular miner gets started earning crypto to the far away scammer.

This sort of problems can be averted if MS-Word started to whitelist such domains and allows only YouTube or Vimeo Videos to get played. Some Security- Researchers are against of such solution. The hidden web browser mining has, on the other hand, has explained that this can be possible if the user doesn’t close the video, for a long time.

As per Dori, for their smooth transformation from one video to another, the hacker may upload longer video or short videos. Nowadays, the people desire to watch and download videos on YouTube more than in any other Channel. But the question is who are going to watch or download movies in MS-Word?

The Hackers have to persuade a thousand of users on the regular basis to open up Word booby-trapped documents, to make a profit out of that. They have understood the point that the people mostly, open the video-streaming services and stay there for a long time.So they are now trying to hack the services and place crypto miners over there because people while watching any movies usually never recognize high CPU and Processor loading. The hackers are earning high profit through the websites like a torrent, porn sites, game portals and other resources with pirated content.

The other products of MS-Office are secure because it provides access to certain domains. The online video facility is available in MS-Office other products like OneNote and PowerPoint.

Amit Dori’s detention for the Cryptojacking can be used for the other purposes also, other than the same. For example, the hackers may push scripts into the Word player.The Internet Explorer window makes it easy to get the certain information from the inspected person. For example, the hackers may place regulation on the viewers, who couldn’t able to access the authentication procedure and personal data.

Word macros are very famous among the malware users. The MS-Office Word was used by the hackers to evolve malignant scripts.Recently, Researchers has detented the OLE function of MS products and have asked to be careful while working with MS-Word which has attached videos. One should always download the fresh updates which include the Internet Explorer window. When Amit Dori informed Microsoft about the security issues but they have neglected it. Thus, the user must be very careful while watching any videos on MS-Word, should use VPN to their traffic and not type anything on their personal data, especially from an unknown server.